iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d10a274ada
linux/kernel
History
Takashi Iwai 0a2f9fe1b6 resource: fix integer overflow at reallocation 
commit 60bb83b81169820c691fbfa33a6a4aef32aa4b0b upstream.

We've got a bug report indicating a kernel panic at booting on an x86-32
system, and it turned out to be the invalid PCI resource assigned after
reallocation.  __find_resource() first aligns the resource start address
and resets the end address with start+size-1 accordingly, then checks
whether it's contained.  Here the end address may overflow the integer,
although resource_contains() still returns true because the function
validates only start and end address.  So this ends up with returning an
invalid resource (start > end).

There was already an attempt to cover such a problem in the commit
47ea91b4052d ("Resource: fix wrong resource window calculation"), but
this case is an overseen one.

This patch adds the validity check of the newly calculated resource for
avoiding the integer overflow problem.

Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1086739
Link: http://lkml.kernel.org/r/s5hpo37d5l8.wl-tiwai@suse.de
Fixes: 23c570a67448 ("resource: ability to resize an allocated resource")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reported-by: Michael Henders <hendersm@shaw.ca>
Tested-by: Michael Henders <hendersm@shaw.ca>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ram Pai <linuxram@us.ibm.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-24 09:32:05 +02:00
..
bpf
bpf: skip unnecessary capability check
2018-03-28 18:40:17 +02:00
configs
kconfig: tinyconfig: provide whole choice blocks to avoid warnings
2016-09-24 10:07:42 +02:00
debug
kdb: Fix handling of kallsyms_symbol_next() return value
2017-12-16 10:33:49 +01:00
events
perf/core: Correct event creation with PERF_FORMAT_GROUP
2018-04-13 19:50:19 +02:00
gcov
gcov: disable for COMPILE_TEST
2018-01-23 19:50:10 +01:00
irq
genirq: Use cpumask_available() for check of cpumask variable
2018-04-08 11:51:57 +02:00
livepatch
livepatch: x86: fix relocation computation with kASLR
2015-11-11 17:36:04 +01:00
locking
locking/mutex: Allow next waiter lockless wakeup
2018-01-17 09:35:27 +01:00
power
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:27:35 +02:00
printk
braille-console: Fix value returned by _braille_console_setup
2018-03-22 09:23:23 +01:00
rcu
rcu: Allow for page faults in NMI handlers
2017-10-18 09:20:41 +02:00
sched
sched/numa: Use down_read_trylock() for the mmap_sem
2018-04-13 19:50:09 +02:00
time
time: Change posix clocks ops interfaces to use timespec64
2018-03-24 10:58:40 +01:00
trace
tracing: probeevent: Fix to support minus offset from symbol
2018-03-28 18:40:15 +02:00
.gitignore
certs: add .gitignore to stop git nagging about x509_certificate_list
2015-10-21 15:18:35 +01:00
acct.c
kernel/acct.c: fix the acct->needcheck check in check_free_space()
2018-01-10 09:27:08 +01:00
async.c
kernel/async.c: revert "async: simplify lowest_in_progress()"
2018-02-16 20:09:45 +01:00
audit_fsnotify.c
audit: clean simple fsnotify implementation
2015-08-06 16:14:53 -04:00
audit_tree.c
audit: audit_tree_match can be boolean
2015-11-04 08:23:51 -05:00
audit_watch.c
audit: Fix use after free in audit_remove_watch_rule()
2017-08-24 17:02:35 -07:00
audit.c
audit: add tty field to LOGIN event
2018-04-08 11:51:57 +02:00
audit.h
audit: audit_tree_match can be boolean
2015-11-04 08:23:51 -05:00
auditfilter.c
audit: fix comment block whitespace
2015-11-04 08:23:51 -05:00
auditsc.c
audit: add tty field to LOGIN event
2018-04-08 11:51:57 +02:00
backtracetest.c
bounds.c
capability.c
exec: Ensure mm->user_ns contains the execed files
2017-01-06 11:16:14 +01:00
cgroup_freezer.c
cgroup: fix handling of multi-destination migration from subtree_control enabling
2015-12-03 10:18:21 -05:00
cgroup_pids.c
cgroup_pids: don't account for the root cgroup
2015-12-03 10:18:21 -05:00
cgroup.c
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
2017-04-21 09:30:04 +02:00
compat.c
compat: cleanup coding in compat_get_bitmap() and compat_put_bitmap()
2015-06-04 23:57:18 +02:00
configs.c
context_tracking.c
context_tracking: avoid irq_save/irq_restore on guest entry and exit
2015-11-10 12:06:23 +01:00
cpu_pm.c
kernel/cpu_pm: fix cpu_cluster_pm_exit comment
2015-09-03 02:42:20 +02:00
cpu.c
stable-fixup: hotplug: fix unused function warning
2017-01-12 11:22:48 +01:00
cpuset.c
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:27:35 +02:00
crash_dump.c
cred.c
cred: Reject inodes with invalid ids in set_create_file_as()
2016-09-15 08:27:49 +02:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
Remove rest of exec domains.
2015-04-12 21:03:31 +02:00
exit.c
wait/ptrace: assume __WALL if the child is traced
2016-06-07 18:14:35 -07:00
extable.c
kernel/extable.c: mark core_kernel_text notrace
2017-07-21 07:44:56 +02:00
fork.c
kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
2018-01-05 15:44:23 +01:00
freezer.c
futex_compat.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-02-25 12:01:16 -08:00
futex.c
futex: Remove requirement for lock_page() in get_futex_key()
2018-04-13 19:50:24 +02:00
groups.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:27:10 +01:00
hung_task.c
kernel/hung_task.c: change hung_task.c to use for_each_process_thread()
2015-04-15 16:35:22 -07:00
irq_work.c
treewide: Remove old email address
2015-11-23 09:44:58 +01:00
jump_label.c
jump_label: Invoke jump_label_test() via early_initcall()
2017-12-16 10:33:55 +01:00
kallsyms.c
kcmp.c
ptrace: use fsuid, fsgid, effective creds for fs access checks
2016-02-25 12:01:16 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS
2015-05-12 09:46:00 +02:00
Kconfig.preempt
kexec_core.c
kexec: use file name as the output message prefix
2015-11-06 17:50:42 -08:00
kexec_file.c
kexec: fix double-free when failing to relocate the purgatory
2016-09-24 10:07:36 +02:00
kexec_internal.h
kexec: split kexec_file syscall code to kexec_file.c
2015-09-10 13:29:01 -07:00
kexec.c
kexec: use file name as the output message prefix
2015-11-06 17:50:42 -08:00
kmod.c
kmod: don't run async usermode helper as a child of kworker thread
2015-10-23 17:55:10 +09:00
kprobes.c
kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
2018-04-08 11:51:56 +02:00
ksysfs.c
kexec: split kexec_load syscall from kexec core code
2015-09-10 13:29:01 -07:00
kthread.c
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
2017-04-21 09:30:04 +02:00
latencytop.c
Makefile
sys_membarrier(): system-wide memory barrier (generic, x86)
2015-09-11 15:21:34 -07:00
membarrier.c
Fix: Disable sys_membarrier when nohz_full is enabled
2017-03-12 06:37:26 +01:00
memremap.c
mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
2017-01-19 20:17:18 +01:00
module_signing.c
KEYS: Merge the type-specific data with the payload data
2015-10-21 15:18:36 +01:00
module-internal.h
module.c
module/retpoline: Warn about missing retpoline in module
2018-02-25 11:03:52 +01:00
notifier.c
Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2015-09-01 08:40:25 -07:00
nsproxy.c
padata.c
padata: free correct variable
2017-05-20 14:27:02 +02:00
panic.c
kernel/panic.c: add missing \n
2017-07-05 14:37:19 +02:00
params.c
Nothing exciting, minor tweaks and cleanups.
2015-11-09 15:53:39 -08:00
pid_namespace.c
pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
2017-05-25 14:30:11 +02:00
pid.c
pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
2018-04-13 19:50:03 +02:00
profile.c
profile: hide unused functions when !CONFIG_PROC_FS
2018-02-25 11:03:44 +01:00
ptrace.c
ptrace: Properly initialize ptracer_cred on fork
2017-06-14 13:16:20 +02:00
range.c
reboot.c
kexec: split kexec_load syscall from kexec core code
2015-09-10 13:29:01 -07:00
relay.c
kernel/relay.c: use kvfree() in relay_free_page_array()
2015-06-30 19:44:59 -07:00
resource.c
resource: fix integer overflow at reallocation
2018-04-24 09:32:05 +02:00
seccomp.c
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
2017-10-05 09:41:46 +02:00
signal.c
kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
2018-01-10 09:27:11 +01:00
smp.c
mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd
2015-11-06 17:50:42 -08:00
smpboot.c
stop_machine: Kill smp_hotplug_thread->pre_unpark, introduce stop_machine_unpark()
2015-10-20 10:23:55 +02:00
smpboot.h
softirq.c
stacktrace.c
stop_machine.c
kernel: remove stop_machine() Kconfig dependency
2015-12-12 10:15:34 -08:00
sys_ni.c
mm: mlock: add new mlock system call
2015-11-05 19:34:48 -08:00
sys.c
prctl: take mmap sem for writing to protect against others
2016-02-25 12:01:25 -08:00
sysctl_binary.c
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
2016-04-12 09:08:58 -07:00
sysctl.c
timer/sysclt: Restrict timer migration sysctl values to 0 and 1
2017-10-05 09:41:47 +02:00
task_work.c
task_work: remove fifo ordering guarantee
2015-09-05 13:46:58 -07:00
taskstats.c
test_kprobes.c
torture.c
torture: Consolidate cond_resched_rcu_qs() into stutter_wait()
2015-10-06 11:25:01 -07:00
tracepoint.c
tracepoint: Give priority to probes of tracepoints
2015-10-25 21:33:54 -04:00
tsacct.c
uid16.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:27:10 +01:00
up.c
user_namespace.c
capabilities: ambient capabilities
2015-09-04 16:54:41 -07:00
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
watchdog.c
kernel/watchdog: use nmi registers snapshot in hardlockup handler
2017-01-06 11:16:16 +01:00
workqueue_internal.h
workqueue: Fix NULL pointer dereference
2017-11-15 17:13:11 +01:00
workqueue.c
workqueue: Allow retrieval of current task's work struct
2018-03-18 11:17:48 +01:00